xref: /titanic_41/usr/src/uts/common/fs/tmpfs/tmp_vnops.c (revision 4aac33d31b41cc7e3ac6fb66747ff2cae63d08cf)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <sys/param.h>
30 #include <sys/t_lock.h>
31 #include <sys/systm.h>
32 #include <sys/sysmacros.h>
33 #include <sys/user.h>
34 #include <sys/time.h>
35 #include <sys/vfs.h>
36 #include <sys/vfs_opreg.h>
37 #include <sys/vnode.h>
38 #include <sys/file.h>
39 #include <sys/fcntl.h>
40 #include <sys/flock.h>
41 #include <sys/kmem.h>
42 #include <sys/uio.h>
43 #include <sys/errno.h>
44 #include <sys/stat.h>
45 #include <sys/cred.h>
46 #include <sys/dirent.h>
47 #include <sys/pathname.h>
48 #include <sys/vmsystm.h>
49 #include <sys/fs/tmp.h>
50 #include <sys/fs/tmpnode.h>
51 #include <sys/mman.h>
52 #include <vm/hat.h>
53 #include <vm/seg_vn.h>
54 #include <vm/seg_map.h>
55 #include <vm/seg.h>
56 #include <vm/anon.h>
57 #include <vm/as.h>
58 #include <vm/page.h>
59 #include <vm/pvn.h>
60 #include <sys/cmn_err.h>
61 #include <sys/debug.h>
62 #include <sys/swap.h>
63 #include <sys/buf.h>
64 #include <sys/vm.h>
65 #include <sys/vtrace.h>
66 #include <sys/policy.h>
67 #include <fs/fs_subr.h>
68 
69 static int	tmp_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
70 	page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
71 static int 	tmp_putapage(struct vnode *, page_t *, u_offset_t *, size_t *,
72 	int, struct cred *);
73 
74 /* ARGSUSED1 */
75 static int
76 tmp_open(struct vnode **vpp, int flag, struct cred *cred)
77 {
78 	/*
79 	 * swapon to a tmpfs file is not supported so access
80 	 * is denied on open if VISSWAP is set.
81 	 */
82 	if ((*vpp)->v_flag & VISSWAP)
83 		return (EINVAL);
84 	return (0);
85 }
86 
87 /* ARGSUSED1 */
88 static int
89 tmp_close(struct vnode *vp, int flag, int count,
90     offset_t offset, struct cred *cred)
91 {
92 	cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
93 	cleanshares(vp, ttoproc(curthread)->p_pid);
94 	return (0);
95 }
96 
97 /*
98  * wrtmp does the real work of write requests for tmpfs.
99  */
100 static int
101 wrtmp(
102 	struct tmount *tm,
103 	struct tmpnode *tp,
104 	struct uio *uio,
105 	struct cred *cr,
106 	struct caller_context *ct)
107 {
108 	pgcnt_t pageoffset;	/* offset in pages */
109 	ulong_t segmap_offset;	/* pagesize byte offset into segmap */
110 	caddr_t base;		/* base of segmap */
111 	ssize_t bytes;		/* bytes to uiomove */
112 	pfn_t pagenumber;	/* offset in pages into tmp file */
113 	struct vnode *vp;
114 	int error = 0;
115 	int	pagecreate;	/* == 1 if we allocated a page */
116 	int	newpage;
117 	rlim64_t limit = uio->uio_llimit;
118 	long oresid = uio->uio_resid;
119 	timestruc_t now;
120 
121 	/*
122 	 * tp->tn_size is incremented before the uiomove
123 	 * is done on a write.  If the move fails (bad user
124 	 * address) reset tp->tn_size.
125 	 * The better way would be to increment tp->tn_size
126 	 * only if the uiomove succeeds.
127 	 */
128 	long tn_size_changed = 0;
129 	long old_tn_size;
130 
131 	vp = TNTOV(tp);
132 	ASSERT(vp->v_type == VREG);
133 
134 	TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START,
135 		"tmp_wrtmp_start:vp %p", vp);
136 
137 	ASSERT(RW_WRITE_HELD(&tp->tn_contents));
138 	ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
139 
140 	if (MANDLOCK(vp, tp->tn_mode)) {
141 		rw_exit(&tp->tn_contents);
142 		/*
143 		 * tmp_getattr ends up being called by chklock
144 		 */
145 		error = chklock(vp, FWRITE,
146 			uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct);
147 		rw_enter(&tp->tn_contents, RW_WRITER);
148 		if (error != 0) {
149 			TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
150 				"tmp_wrtmp_end:vp %p error %d", vp, error);
151 			return (error);
152 		}
153 	}
154 
155 	if (uio->uio_loffset < 0)
156 		return (EINVAL);
157 
158 	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
159 		limit = MAXOFFSET_T;
160 
161 	if (uio->uio_loffset >= limit) {
162 		proc_t *p = ttoproc(curthread);
163 
164 		mutex_enter(&p->p_lock);
165 		(void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE], p->p_rctls,
166 		    p, RCA_UNSAFE_SIGINFO);
167 		mutex_exit(&p->p_lock);
168 		return (EFBIG);
169 	}
170 
171 	if (uio->uio_loffset >= MAXOFF_T) {
172 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
173 			"tmp_wrtmp_end:vp %p error %d", vp, EINVAL);
174 		return (EFBIG);
175 	}
176 
177 	if (uio->uio_resid == 0) {
178 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
179 			"tmp_wrtmp_end:vp %p error %d", vp, 0);
180 		return (0);
181 	}
182 
183 	if (limit > MAXOFF_T)
184 		limit = MAXOFF_T;
185 
186 	do {
187 		long	offset;
188 		long	delta;
189 
190 		offset = (long)uio->uio_offset;
191 		pageoffset = offset & PAGEOFFSET;
192 		/*
193 		 * A maximum of PAGESIZE bytes of data is transferred
194 		 * each pass through this loop
195 		 */
196 		bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
197 
198 		if (offset + bytes >= limit) {
199 			if (offset >= limit) {
200 				error = EFBIG;
201 				goto out;
202 			}
203 			bytes = limit - offset;
204 		}
205 		pagenumber = btop(offset);
206 
207 		/*
208 		 * delta is the amount of anonymous memory
209 		 * to reserve for the file.
210 		 * We always reserve in pagesize increments so
211 		 * unless we're extending the file into a new page,
212 		 * we don't need to call tmp_resv.
213 		 */
214 		delta = offset + bytes -
215 		    P2ROUNDUP_TYPED(tp->tn_size, PAGESIZE, u_offset_t);
216 		if (delta > 0) {
217 			pagecreate = 1;
218 			if (tmp_resv(tm, tp, delta, pagecreate)) {
219 				/*
220 				 * Log file system full in the zone that owns
221 				 * the tmpfs mount, as well as in the global
222 				 * zone if necessary.
223 				 */
224 				zcmn_err(tm->tm_vfsp->vfs_zone->zone_id,
225 				    CE_WARN, "%s: File system full, "
226 				    "swap space limit exceeded",
227 				    tm->tm_mntpath);
228 
229 				if (tm->tm_vfsp->vfs_zone->zone_id !=
230 				    GLOBAL_ZONEID) {
231 
232 					vfs_t *vfs = tm->tm_vfsp;
233 
234 					zcmn_err(GLOBAL_ZONEID,
235 					    CE_WARN, "%s: File system full, "
236 					    "swap space limit exceeded",
237 					    vfs->vfs_vnodecovered->v_path);
238 				}
239 				error = ENOSPC;
240 				break;
241 			}
242 			tmpnode_growmap(tp, (ulong_t)offset + bytes);
243 		}
244 		/* grow the file to the new length */
245 		if (offset + bytes > tp->tn_size) {
246 			tn_size_changed = 1;
247 			old_tn_size = tp->tn_size;
248 			tp->tn_size = offset + bytes;
249 		}
250 		if (bytes == PAGESIZE) {
251 			/*
252 			 * Writing whole page so reading from disk
253 			 * is a waste
254 			 */
255 			pagecreate = 1;
256 		} else {
257 			pagecreate = 0;
258 		}
259 		/*
260 		 * If writing past EOF or filling in a hole
261 		 * we need to allocate an anon slot.
262 		 */
263 		if (anon_get_ptr(tp->tn_anon, pagenumber) == NULL) {
264 			(void) anon_set_ptr(tp->tn_anon, pagenumber,
265 				anon_alloc(vp, ptob(pagenumber)), ANON_SLEEP);
266 			pagecreate = 1;
267 			tp->tn_nblocks++;
268 		}
269 
270 		/*
271 		 * We have to drop the contents lock to prevent the VM
272 		 * system from trying to reaquire it in tmp_getpage()
273 		 * should the uiomove cause a pagefault. If we're doing
274 		 * a pagecreate segmap creates the page without calling
275 		 * the filesystem so we need to hold onto the lock until
276 		 * the page is created.
277 		 */
278 		if (!pagecreate)
279 			rw_exit(&tp->tn_contents);
280 
281 		newpage = 0;
282 		if (vpm_enable) {
283 			/*
284 			 * XXX Why do we need to hold the contents lock?
285 			 * The kpm mappings will not cause a fault.
286 			 *
287 			 * Copy data. If new pages are created, part of
288 			 * the page that is not written will be initizliazed
289 			 * with zeros.
290 			 */
291 			error = vpm_data_copy(vp, offset, bytes, uio,
292 				!pagecreate, &newpage, 1, S_WRITE);
293 
294 			if (pagecreate) {
295 				rw_exit(&tp->tn_contents);
296 			}
297 		} else {
298 			/* Get offset within the segmap mapping */
299 			segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
300 			base = segmap_getmapflt(segkmap, vp,
301 						(offset &  MAXBMASK),
302 			    PAGESIZE, !pagecreate, S_WRITE);
303 		}
304 
305 
306 		if (!vpm_enable && pagecreate) {
307 			rw_downgrade(&tp->tn_contents);
308 
309 			/*
310 			 * segmap_pagecreate() returns 1 if it calls
311 			 * page_create_va() to allocate any pages.
312 			 */
313 			newpage = segmap_pagecreate(segkmap,
314 			    base + segmap_offset, (size_t)PAGESIZE, 0);
315 			rw_exit(&tp->tn_contents);
316 			/*
317 			 * Clear from the beginning of the page to the starting
318 			 * offset of the data.
319 			 */
320 			if (pageoffset != 0)
321 				(void) kzero(base + segmap_offset,
322 				    (size_t)pageoffset);
323 		}
324 
325 		if (!vpm_enable) {
326 			error = uiomove(base + segmap_offset + pageoffset,
327 			(long)bytes, UIO_WRITE, uio);
328 		}
329 
330 		if (!vpm_enable && pagecreate &&
331 		    uio->uio_offset < P2ROUNDUP(offset + bytes, PAGESIZE)) {
332 			long	zoffset; /* zero from offset into page */
333 			/*
334 			 * We created pages w/o initializing them completely,
335 			 * thus we need to zero the part that wasn't set up.
336 			 * This happens on most EOF write cases and if
337 			 * we had some sort of error during the uiomove.
338 			 */
339 			long nmoved;
340 
341 			nmoved = uio->uio_offset - offset;
342 			ASSERT((nmoved + pageoffset) <= PAGESIZE);
343 
344 			/*
345 			 * Zero from the end of data in the page to the
346 			 * end of the page.
347 			 */
348 			if ((zoffset = pageoffset + nmoved) < PAGESIZE)
349 				(void) kzero(base + segmap_offset + zoffset,
350 					(size_t)PAGESIZE - zoffset);
351 		}
352 
353 		/*
354 		 * Unlock the pages which have been allocated by
355 		 * page_create_va() in segmap_pagecreate()
356 		 */
357 		if (!vpm_enable && newpage) {
358 			segmap_pageunlock(segkmap, base + segmap_offset,
359 			    (size_t)PAGESIZE, S_WRITE);
360 		}
361 
362 		if (error) {
363 			/*
364 			 * If we failed on a write, we must
365 			 * be sure to invalidate any pages that may have
366 			 * been allocated.
367 			 */
368 			if (vpm_enable) {
369 				(void) vpm_sync_pages(vp, offset,
370 						PAGESIZE, SM_INVAL);
371 			} else {
372 				(void) segmap_release(segkmap, base, SM_INVAL);
373 			}
374 		} else {
375 			if (vpm_enable) {
376 				error = vpm_sync_pages(vp, offset,
377 						PAGESIZE, 0);
378 			} else {
379 				error = segmap_release(segkmap, base, 0);
380 			}
381 		}
382 
383 		/*
384 		 * Re-acquire contents lock.
385 		 */
386 		rw_enter(&tp->tn_contents, RW_WRITER);
387 		/*
388 		 * If the uiomove failed, fix up tn_size.
389 		 */
390 		if (error) {
391 			if (tn_size_changed) {
392 				/*
393 				 * The uiomove failed, and we
394 				 * allocated blocks,so get rid
395 				 * of them.
396 				 */
397 				(void) tmpnode_trunc(tm, tp,
398 				    (ulong_t)old_tn_size);
399 			}
400 		} else {
401 			/*
402 			 * XXX - Can this be out of the loop?
403 			 */
404 			if ((tp->tn_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) &&
405 			    (tp->tn_mode & (S_ISUID | S_ISGID)) &&
406 			    secpolicy_vnode_setid_retain(cr,
407 			    (tp->tn_mode & S_ISUID) != 0 && tp->tn_uid == 0)) {
408 				/*
409 				 * Clear Set-UID & Set-GID bits on
410 				 * successful write if not privileged
411 				 * and at least one of the execute bits
412 				 * is set.  If we always clear Set-GID,
413 				 * mandatory file and record locking is
414 				 * unuseable.
415 				 */
416 				tp->tn_mode &= ~(S_ISUID | S_ISGID);
417 			}
418 			gethrestime(&now);
419 			tp->tn_mtime = now;
420 			tp->tn_ctime = now;
421 		}
422 	} while (error == 0 && uio->uio_resid > 0 && bytes != 0);
423 
424 out:
425 	/*
426 	 * If we've already done a partial-write, terminate
427 	 * the write but return no error.
428 	 */
429 	if (oresid != uio->uio_resid)
430 		error = 0;
431 	TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
432 		"tmp_wrtmp_end:vp %p error %d", vp, error);
433 	return (error);
434 }
435 
436 /*
437  * rdtmp does the real work of read requests for tmpfs.
438  */
439 static int
440 rdtmp(
441 	struct tmount *tm,
442 	struct tmpnode *tp,
443 	struct uio *uio,
444 	struct caller_context *ct)
445 {
446 	ulong_t pageoffset;	/* offset in tmpfs file (uio_offset) */
447 	ulong_t segmap_offset;	/* pagesize byte offset into segmap */
448 	caddr_t base;		/* base of segmap */
449 	ssize_t bytes;		/* bytes to uiomove */
450 	struct vnode *vp;
451 	int error;
452 	long oresid = uio->uio_resid;
453 
454 #if defined(lint)
455 	tm = tm;
456 #endif
457 	vp = TNTOV(tp);
458 
459 	TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START,
460 		"tmp_rdtmp_start:vp %p", vp);
461 
462 	ASSERT(RW_LOCK_HELD(&tp->tn_contents));
463 
464 	if (MANDLOCK(vp, tp->tn_mode)) {
465 		rw_exit(&tp->tn_contents);
466 		/*
467 		 * tmp_getattr ends up being called by chklock
468 		 */
469 		error = chklock(vp, FREAD,
470 			uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct);
471 		rw_enter(&tp->tn_contents, RW_READER);
472 		if (error != 0) {
473 			TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
474 				"tmp_rdtmp_end:vp %p error %d", vp, error);
475 			return (error);
476 		}
477 	}
478 	ASSERT(tp->tn_type == VREG);
479 
480 	if (uio->uio_loffset >= MAXOFF_T) {
481 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
482 			"tmp_rdtmp_end:vp %p error %d", vp, EINVAL);
483 		return (0);
484 	}
485 	if (uio->uio_loffset < 0)
486 		return (EINVAL);
487 	if (uio->uio_resid == 0) {
488 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
489 			"tmp_rdtmp_end:vp %p error %d", vp, 0);
490 		return (0);
491 	}
492 
493 	vp = TNTOV(tp);
494 
495 	do {
496 		long diff;
497 		long offset;
498 
499 		offset = uio->uio_offset;
500 		pageoffset = offset & PAGEOFFSET;
501 		bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
502 
503 		diff = tp->tn_size - offset;
504 
505 		if (diff <= 0) {
506 			error = 0;
507 			goto out;
508 		}
509 		if (diff < bytes)
510 			bytes = diff;
511 
512 		/*
513 		 * We have to drop the contents lock to prevent the VM
514 		 * system from trying to reaquire it in tmp_getpage()
515 		 * should the uiomove cause a pagefault.
516 		 */
517 		rw_exit(&tp->tn_contents);
518 
519 		if (vpm_enable) {
520 			/*
521 			 * Copy data.
522 			 */
523 			error = vpm_data_copy(vp, offset, bytes, uio,
524 				1, NULL, 0, S_READ);
525 		} else {
526 			segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
527 			base = segmap_getmapflt(segkmap, vp, offset & MAXBMASK,
528 			    bytes, 1, S_READ);
529 
530 			error = uiomove(base + segmap_offset + pageoffset,
531 			    (long)bytes, UIO_READ, uio);
532 		}
533 
534 		if (error) {
535 			if (vpm_enable) {
536 				(void) vpm_sync_pages(vp, offset,
537 						PAGESIZE, 0);
538 			} else {
539 				(void) segmap_release(segkmap, base, 0);
540 			}
541 		} else {
542 			if (vpm_enable) {
543 				error = vpm_sync_pages(vp, offset,
544 						PAGESIZE, 0);
545 			} else {
546 				error = segmap_release(segkmap, base, 0);
547 			}
548 		}
549 
550 		/*
551 		 * Re-acquire contents lock.
552 		 */
553 		rw_enter(&tp->tn_contents, RW_READER);
554 
555 	} while (error == 0 && uio->uio_resid > 0);
556 
557 out:
558 	gethrestime(&tp->tn_atime);
559 
560 	/*
561 	 * If we've already done a partial read, terminate
562 	 * the read but return no error.
563 	 */
564 	if (oresid != uio->uio_resid)
565 		error = 0;
566 
567 	TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
568 		"tmp_rdtmp_end:vp %x error %d", vp, error);
569 	return (error);
570 }
571 
572 /* ARGSUSED2 */
573 static int
574 tmp_read(struct vnode *vp, struct uio *uiop, int ioflag, cred_t *cred,
575 	struct caller_context *ct)
576 {
577 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
578 	struct tmount *tm = (struct tmount *)VTOTM(vp);
579 	int error;
580 
581 	/*
582 	 * We don't currently support reading non-regular files
583 	 */
584 	if (vp->v_type == VDIR)
585 		return (EISDIR);
586 	if (vp->v_type != VREG)
587 		return (EINVAL);
588 	/*
589 	 * tmp_rwlock should have already been called from layers above
590 	 */
591 	ASSERT(RW_READ_HELD(&tp->tn_rwlock));
592 
593 	rw_enter(&tp->tn_contents, RW_READER);
594 
595 	error = rdtmp(tm, tp, uiop, ct);
596 
597 	rw_exit(&tp->tn_contents);
598 
599 	return (error);
600 }
601 
602 static int
603 tmp_write(struct vnode *vp, struct uio *uiop, int ioflag, struct cred *cred,
604 	struct caller_context *ct)
605 {
606 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
607 	struct tmount *tm = (struct tmount *)VTOTM(vp);
608 	int error;
609 
610 	/*
611 	 * We don't currently support writing to non-regular files
612 	 */
613 	if (vp->v_type != VREG)
614 		return (EINVAL);	/* XXX EISDIR? */
615 
616 	/*
617 	 * tmp_rwlock should have already been called from layers above
618 	 */
619 	ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
620 
621 	rw_enter(&tp->tn_contents, RW_WRITER);
622 
623 	if (ioflag & FAPPEND) {
624 		/*
625 		 * In append mode start at end of file.
626 		 */
627 		uiop->uio_loffset = tp->tn_size;
628 	}
629 
630 	error = wrtmp(tm, tp, uiop, cred, ct);
631 
632 	rw_exit(&tp->tn_contents);
633 
634 	return (error);
635 }
636 
637 /* ARGSUSED */
638 static int
639 tmp_ioctl(struct vnode *vp, int com, intptr_t data, int flag,
640     struct cred *cred, int *rvalp)
641 {
642 	return (ENOTTY);
643 }
644 
645 /* ARGSUSED2 */
646 static int
647 tmp_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cred)
648 {
649 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
650 	struct vnode *mvp;
651 	struct vattr va;
652 	int attrs = 1;
653 
654 	/*
655 	 * A special case to handle the root tnode on a diskless nfs
656 	 * client who may have had its uid and gid inherited
657 	 * from an nfs vnode with nobody ownership.  Likely the
658 	 * root filesystem. After nfs is fully functional the uid/gid
659 	 * may be mapable so ask again.
660 	 * vfsp can't get unmounted because we hold vp.
661 	 */
662 	if (vp->v_flag & VROOT &&
663 	    (mvp = vp->v_vfsp->vfs_vnodecovered) != NULL) {
664 		mutex_enter(&tp->tn_tlock);
665 		if (tp->tn_uid == UID_NOBODY || tp->tn_gid == GID_NOBODY) {
666 			mutex_exit(&tp->tn_tlock);
667 			bzero(&va, sizeof (struct vattr));
668 			va.va_mask = AT_UID|AT_GID;
669 			attrs = VOP_GETATTR(mvp, &va, 0, cred);
670 		} else {
671 			mutex_exit(&tp->tn_tlock);
672 		}
673 	}
674 	mutex_enter(&tp->tn_tlock);
675 	if (attrs == 0) {
676 		tp->tn_uid = va.va_uid;
677 		tp->tn_gid = va.va_gid;
678 	}
679 	vap->va_type = vp->v_type;
680 	vap->va_mode = tp->tn_mode & MODEMASK;
681 	vap->va_uid = tp->tn_uid;
682 	vap->va_gid = tp->tn_gid;
683 	vap->va_fsid = tp->tn_fsid;
684 	vap->va_nodeid = (ino64_t)tp->tn_nodeid;
685 	vap->va_nlink = tp->tn_nlink;
686 	vap->va_size = (u_offset_t)tp->tn_size;
687 	vap->va_atime = tp->tn_atime;
688 	vap->va_mtime = tp->tn_mtime;
689 	vap->va_ctime = tp->tn_ctime;
690 	vap->va_blksize = PAGESIZE;
691 	vap->va_rdev = tp->tn_rdev;
692 	vap->va_seq = tp->tn_seq;
693 
694 	/*
695 	 * XXX Holes are not taken into account.  We could take the time to
696 	 * run through the anon array looking for allocated slots...
697 	 */
698 	vap->va_nblocks = (fsblkcnt64_t)btodb(ptob(btopr(vap->va_size)));
699 	mutex_exit(&tp->tn_tlock);
700 	return (0);
701 }
702 
703 /*ARGSUSED4*/
704 static int
705 tmp_setattr(
706 	struct vnode *vp,
707 	struct vattr *vap,
708 	int flags,
709 	struct cred *cred,
710 	caller_context_t *ct)
711 {
712 	struct tmount *tm = (struct tmount *)VTOTM(vp);
713 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
714 	int error = 0;
715 	struct vattr *get;
716 	long mask;
717 
718 	/*
719 	 * Cannot set these attributes
720 	 */
721 	if (vap->va_mask & AT_NOSET)
722 		return (EINVAL);
723 
724 	mutex_enter(&tp->tn_tlock);
725 
726 	get = &tp->tn_attr;
727 	/*
728 	 * Change file access modes. Must be owner or have sufficient
729 	 * privileges.
730 	 */
731 	error = secpolicy_vnode_setattr(cred, vp, vap, get, flags,
732 			    tmp_taccess, tp);
733 
734 	if (error)
735 		goto out;
736 
737 	mask = vap->va_mask;
738 
739 	if (mask & AT_MODE) {
740 		get->va_mode &= S_IFMT;
741 		get->va_mode |= vap->va_mode & ~S_IFMT;
742 	}
743 
744 	if (mask & AT_UID)
745 		get->va_uid = vap->va_uid;
746 	if (mask & AT_GID)
747 		get->va_gid = vap->va_gid;
748 	if (mask & AT_ATIME)
749 		get->va_atime = vap->va_atime;
750 	if (mask & AT_MTIME)
751 		get->va_mtime = vap->va_mtime;
752 
753 	if (mask & (AT_UID | AT_GID | AT_MODE | AT_MTIME))
754 		gethrestime(&tp->tn_ctime);
755 
756 	if (mask & AT_SIZE) {
757 		ASSERT(vp->v_type != VDIR);
758 
759 		/* Don't support large files. */
760 		if (vap->va_size > MAXOFF_T) {
761 			error = EFBIG;
762 			goto out;
763 		}
764 		mutex_exit(&tp->tn_tlock);
765 
766 		rw_enter(&tp->tn_rwlock, RW_WRITER);
767 		rw_enter(&tp->tn_contents, RW_WRITER);
768 		error = tmpnode_trunc(tm, tp, (ulong_t)vap->va_size);
769 		rw_exit(&tp->tn_contents);
770 		rw_exit(&tp->tn_rwlock);
771 		goto out1;
772 	}
773 out:
774 	mutex_exit(&tp->tn_tlock);
775 out1:
776 	return (error);
777 }
778 
779 /* ARGSUSED2 */
780 static int
781 tmp_access(struct vnode *vp, int mode, int flags, struct cred *cred)
782 {
783 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
784 	int error;
785 
786 	mutex_enter(&tp->tn_tlock);
787 	error = tmp_taccess(tp, mode, cred);
788 	mutex_exit(&tp->tn_tlock);
789 	return (error);
790 }
791 
792 /* ARGSUSED3 */
793 static int
794 tmp_lookup(
795 	struct vnode *dvp,
796 	char *nm,
797 	struct vnode **vpp,
798 	struct pathname *pnp,
799 	int flags,
800 	struct vnode *rdir,
801 	struct cred *cred)
802 {
803 	struct tmpnode *tp = (struct tmpnode *)VTOTN(dvp);
804 	struct tmpnode *ntp = NULL;
805 	int error;
806 
807 
808 	/* allow cd into @ dir */
809 	if (flags & LOOKUP_XATTR) {
810 		struct tmpnode *xdp;
811 		struct tmount *tm;
812 
813 		if (tp->tn_flags & ISXATTR)
814 			/* No attributes on attributes */
815 			return (EINVAL);
816 
817 		rw_enter(&tp->tn_rwlock, RW_WRITER);
818 		if (tp->tn_xattrdp == NULL) {
819 			if (!(flags & CREATE_XATTR_DIR)) {
820 				rw_exit(&tp->tn_rwlock);
821 				return (ENOENT);
822 			}
823 
824 			/*
825 			 * No attribute directory exists for this
826 			 * node - create the attr dir as a side effect
827 			 * of this lookup.
828 			 */
829 
830 			/*
831 			 * Make sure we have adequate permission...
832 			 */
833 
834 			if ((error = tmp_taccess(tp, VWRITE, cred)) != 0) {
835 				rw_exit(&tp->tn_rwlock);
836 				return (error);
837 			}
838 
839 			xdp = tmp_memalloc(sizeof (struct tmpnode),
840 				TMP_MUSTHAVE);
841 			tm = VTOTM(dvp);
842 			tmpnode_init(tm, xdp, &tp->tn_attr, NULL);
843 			/*
844 			 * Fix-up fields unique to attribute directories.
845 			 */
846 			xdp->tn_flags = ISXATTR;
847 			xdp->tn_type = VDIR;
848 			if (tp->tn_type == VDIR) {
849 				xdp->tn_mode = tp->tn_attr.va_mode;
850 			} else {
851 				xdp->tn_mode = 0700;
852 				if (tp->tn_attr.va_mode & 0040)
853 					xdp->tn_mode |= 0750;
854 				if (tp->tn_attr.va_mode & 0004)
855 					xdp->tn_mode |= 0705;
856 			}
857 			xdp->tn_vnode->v_type = VDIR;
858 			xdp->tn_vnode->v_flag |= V_XATTRDIR;
859 			tdirinit(tp, xdp);
860 			tp->tn_xattrdp = xdp;
861 		} else {
862 			VN_HOLD(tp->tn_xattrdp->tn_vnode);
863 		}
864 		*vpp = TNTOV(tp->tn_xattrdp);
865 		rw_exit(&tp->tn_rwlock);
866 		return (0);
867 	}
868 
869 	/*
870 	 * Null component name is a synonym for directory being searched.
871 	 */
872 	if (*nm == '\0') {
873 		VN_HOLD(dvp);
874 		*vpp = dvp;
875 		return (0);
876 	}
877 	ASSERT(tp);
878 
879 	error = tdirlookup(tp, nm, &ntp, cred);
880 
881 	if (error == 0) {
882 		ASSERT(ntp);
883 		*vpp = TNTOV(ntp);
884 		/*
885 		 * If vnode is a device return special vnode instead
886 		 */
887 		if (IS_DEVVP(*vpp)) {
888 			struct vnode *newvp;
889 
890 			newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
891 			    cred);
892 			VN_RELE(*vpp);
893 			*vpp = newvp;
894 		}
895 	}
896 	TRACE_4(TR_FAC_TMPFS, TR_TMPFS_LOOKUP,
897 	    "tmpfs lookup:vp %p name %s vpp %p error %d",
898 	    dvp, nm, vpp, error);
899 	return (error);
900 }
901 
902 /*ARGSUSED7*/
903 static int
904 tmp_create(
905 	struct vnode *dvp,
906 	char *nm,
907 	struct vattr *vap,
908 	enum vcexcl exclusive,
909 	int mode,
910 	struct vnode **vpp,
911 	struct cred *cred,
912 	int flag)
913 {
914 	struct tmpnode *parent;
915 	struct tmount *tm;
916 	struct tmpnode *self;
917 	int error;
918 	struct tmpnode *oldtp;
919 
920 again:
921 	parent = (struct tmpnode *)VTOTN(dvp);
922 	tm = (struct tmount *)VTOTM(dvp);
923 	self = NULL;
924 	error = 0;
925 	oldtp = NULL;
926 
927 	/* device files not allowed in ext. attr dirs */
928 	if ((parent->tn_flags & ISXATTR) &&
929 		(vap->va_type == VBLK || vap->va_type == VCHR ||
930 		vap->va_type == VFIFO || vap->va_type == VDOOR ||
931 		vap->va_type == VSOCK || vap->va_type == VPORT))
932 			return (EINVAL);
933 
934 	if (vap->va_type == VREG && (vap->va_mode & VSVTX)) {
935 		/* Must be privileged to set sticky bit */
936 		if (secpolicy_vnode_stky_modify(cred))
937 			vap->va_mode &= ~VSVTX;
938 	} else if (vap->va_type == VNON) {
939 		return (EINVAL);
940 	}
941 
942 	/*
943 	 * Null component name is a synonym for directory being searched.
944 	 */
945 	if (*nm == '\0') {
946 		VN_HOLD(dvp);
947 		oldtp = parent;
948 	} else {
949 		error = tdirlookup(parent, nm, &oldtp, cred);
950 	}
951 
952 	if (error == 0) {	/* name found */
953 		ASSERT(oldtp);
954 
955 		rw_enter(&oldtp->tn_rwlock, RW_WRITER);
956 
957 		/*
958 		 * if create/read-only an existing
959 		 * directory, allow it
960 		 */
961 		if (exclusive == EXCL)
962 			error = EEXIST;
963 		else if ((oldtp->tn_type == VDIR) && (mode & VWRITE))
964 			error = EISDIR;
965 		else {
966 			error = tmp_taccess(oldtp, mode, cred);
967 		}
968 
969 		if (error) {
970 			rw_exit(&oldtp->tn_rwlock);
971 			tmpnode_rele(oldtp);
972 			return (error);
973 		}
974 		*vpp = TNTOV(oldtp);
975 		if ((*vpp)->v_type == VREG && (vap->va_mask & AT_SIZE) &&
976 		    vap->va_size == 0) {
977 			rw_enter(&oldtp->tn_contents, RW_WRITER);
978 			(void) tmpnode_trunc(tm, oldtp, 0);
979 			rw_exit(&oldtp->tn_contents);
980 		}
981 		rw_exit(&oldtp->tn_rwlock);
982 		if (IS_DEVVP(*vpp)) {
983 			struct vnode *newvp;
984 
985 			newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
986 			    cred);
987 			VN_RELE(*vpp);
988 			if (newvp == NULL) {
989 				return (ENOSYS);
990 			}
991 			*vpp = newvp;
992 		}
993 		return (0);
994 	}
995 
996 	if (error != ENOENT)
997 		return (error);
998 
999 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1000 	error = tdirenter(tm, parent, nm, DE_CREATE,
1001 	    (struct tmpnode *)NULL, (struct tmpnode *)NULL,
1002 	    vap, &self, cred);
1003 	rw_exit(&parent->tn_rwlock);
1004 
1005 	if (error) {
1006 		if (self)
1007 			tmpnode_rele(self);
1008 
1009 		if (error == EEXIST) {
1010 			/*
1011 			 * This means that the file was created sometime
1012 			 * after we checked and did not find it and when
1013 			 * we went to create it.
1014 			 * Since creat() is supposed to truncate a file
1015 			 * that already exits go back to the begining
1016 			 * of the function. This time we will find it
1017 			 * and go down the tmp_trunc() path
1018 			 */
1019 			goto again;
1020 		}
1021 		return (error);
1022 	}
1023 
1024 	*vpp = TNTOV(self);
1025 
1026 	if (!error && IS_DEVVP(*vpp)) {
1027 		struct vnode *newvp;
1028 
1029 		newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cred);
1030 		VN_RELE(*vpp);
1031 		if (newvp == NULL)
1032 			return (ENOSYS);
1033 		*vpp = newvp;
1034 	}
1035 	TRACE_3(TR_FAC_TMPFS, TR_TMPFS_CREATE,
1036 		"tmpfs create:dvp %p nm %s vpp %p", dvp, nm, vpp);
1037 	return (0);
1038 }
1039 
1040 static int
1041 tmp_remove(struct vnode *dvp, char *nm, struct cred *cred)
1042 {
1043 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1044 	int error;
1045 	struct tmpnode *tp = NULL;
1046 
1047 	error = tdirlookup(parent, nm, &tp, cred);
1048 	if (error)
1049 		return (error);
1050 
1051 	ASSERT(tp);
1052 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1053 	rw_enter(&tp->tn_rwlock, RW_WRITER);
1054 
1055 	if (tp->tn_type != VDIR ||
1056 	    (error = secpolicy_fs_linkdir(cred, dvp->v_vfsp)) == 0)
1057 		error = tdirdelete(parent, tp, nm, DR_REMOVE, cred);
1058 
1059 	rw_exit(&tp->tn_rwlock);
1060 	rw_exit(&parent->tn_rwlock);
1061 	vnevent_remove(TNTOV(tp));
1062 	tmpnode_rele(tp);
1063 
1064 	TRACE_3(TR_FAC_TMPFS, TR_TMPFS_REMOVE,
1065 		"tmpfs remove:dvp %p nm %s error %d", dvp, nm, error);
1066 	return (error);
1067 }
1068 
1069 static int
1070 tmp_link(struct vnode *dvp, struct vnode *srcvp, char *tnm, struct cred *cred)
1071 {
1072 	struct tmpnode *parent;
1073 	struct tmpnode *from;
1074 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1075 	int error;
1076 	struct tmpnode *found = NULL;
1077 	struct vnode *realvp;
1078 
1079 	if (VOP_REALVP(srcvp, &realvp) == 0)
1080 		srcvp = realvp;
1081 
1082 	parent = (struct tmpnode *)VTOTN(dvp);
1083 	from = (struct tmpnode *)VTOTN(srcvp);
1084 
1085 	if ((srcvp->v_type == VDIR &&
1086 	    secpolicy_fs_linkdir(cred, dvp->v_vfsp)) ||
1087 	    (from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred)))
1088 		return (EPERM);
1089 
1090 	/*
1091 	 * Make sure link for extended attributes is valid
1092 	 * We only support hard linking of xattr's in xattrdir to an xattrdir
1093 	 */
1094 	if ((from->tn_flags & ISXATTR) != (parent->tn_flags & ISXATTR))
1095 		return (EINVAL);
1096 
1097 	error = tdirlookup(parent, tnm, &found, cred);
1098 	if (error == 0) {
1099 		ASSERT(found);
1100 		tmpnode_rele(found);
1101 		return (EEXIST);
1102 	}
1103 
1104 	if (error != ENOENT)
1105 		return (error);
1106 
1107 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1108 	error = tdirenter(tm, parent, tnm, DE_LINK, (struct tmpnode *)NULL,
1109 		from, NULL, (struct tmpnode **)NULL, cred);
1110 	rw_exit(&parent->tn_rwlock);
1111 	return (error);
1112 }
1113 
1114 static int
1115 tmp_rename(
1116 	struct vnode *odvp,	/* source parent vnode */
1117 	char *onm,		/* source name */
1118 	struct vnode *ndvp,	/* destination parent vnode */
1119 	char *nnm,		/* destination name */
1120 	struct cred *cred)
1121 {
1122 	struct tmpnode *fromparent;
1123 	struct tmpnode *toparent;
1124 	struct tmpnode *fromtp = NULL;	/* source tmpnode */
1125 	struct tmount *tm = (struct tmount *)VTOTM(odvp);
1126 	int error;
1127 	int samedir = 0;	/* set if odvp == ndvp */
1128 	struct vnode *realvp;
1129 
1130 	if (VOP_REALVP(ndvp, &realvp) == 0)
1131 		ndvp = realvp;
1132 
1133 	fromparent = (struct tmpnode *)VTOTN(odvp);
1134 	toparent = (struct tmpnode *)VTOTN(ndvp);
1135 
1136 	if ((fromparent->tn_flags & ISXATTR) != (toparent->tn_flags & ISXATTR))
1137 		return (EINVAL);
1138 
1139 	mutex_enter(&tm->tm_renamelck);
1140 
1141 	/*
1142 	 * Look up tmpnode of file we're supposed to rename.
1143 	 */
1144 	error = tdirlookup(fromparent, onm, &fromtp, cred);
1145 	if (error) {
1146 		mutex_exit(&tm->tm_renamelck);
1147 		return (error);
1148 	}
1149 
1150 	/*
1151 	 * Make sure we can delete the old (source) entry.  This
1152 	 * requires write permission on the containing directory.  If
1153 	 * that directory is "sticky" it requires further checks.
1154 	 */
1155 	if (((error = tmp_taccess(fromparent, VWRITE, cred)) != 0) ||
1156 	    (error = tmp_sticky_remove_access(fromparent, fromtp, cred)) != 0)
1157 		goto done;
1158 
1159 	/*
1160 	 * Check for renaming to or from '.' or '..' or that
1161 	 * fromtp == fromparent
1162 	 */
1163 	if ((onm[0] == '.' &&
1164 	    (onm[1] == '\0' || (onm[1] == '.' && onm[2] == '\0'))) ||
1165 	    (nnm[0] == '.' &&
1166 	    (nnm[1] == '\0' || (nnm[1] == '.' && nnm[2] == '\0'))) ||
1167 	    (fromparent == fromtp)) {
1168 		error = EINVAL;
1169 		goto done;
1170 	}
1171 
1172 	samedir = (fromparent == toparent);
1173 	/*
1174 	 * Make sure we can search and rename into the new
1175 	 * (destination) directory.
1176 	 */
1177 	if (!samedir) {
1178 		error = tmp_taccess(toparent, VEXEC|VWRITE, cred);
1179 		if (error)
1180 			goto done;
1181 	}
1182 
1183 	/*
1184 	 * Link source to new target
1185 	 */
1186 	rw_enter(&toparent->tn_rwlock, RW_WRITER);
1187 	error = tdirenter(tm, toparent, nnm, DE_RENAME,
1188 	    fromparent, fromtp, (struct vattr *)NULL,
1189 	    (struct tmpnode **)NULL, cred);
1190 	rw_exit(&toparent->tn_rwlock);
1191 
1192 	if (error) {
1193 		/*
1194 		 * ESAME isn't really an error; it indicates that the
1195 		 * operation should not be done because the source and target
1196 		 * are the same file, but that no error should be reported.
1197 		 */
1198 		if (error == ESAME)
1199 			error = 0;
1200 		goto done;
1201 	}
1202 
1203 	/*
1204 	 * Unlink from source.
1205 	 */
1206 	rw_enter(&fromparent->tn_rwlock, RW_WRITER);
1207 	rw_enter(&fromtp->tn_rwlock, RW_WRITER);
1208 
1209 	error = tdirdelete(fromparent, fromtp, onm, DR_RENAME, cred);
1210 
1211 	/*
1212 	 * The following handles the case where our source tmpnode was
1213 	 * removed before we got to it.
1214 	 *
1215 	 * XXX We should also cleanup properly in the case where tdirdelete
1216 	 * fails for some other reason.  Currently this case shouldn't happen.
1217 	 * (see 1184991).
1218 	 */
1219 	if (error == ENOENT)
1220 		error = 0;
1221 
1222 	rw_exit(&fromtp->tn_rwlock);
1223 	rw_exit(&fromparent->tn_rwlock);
1224 done:
1225 	tmpnode_rele(fromtp);
1226 	mutex_exit(&tm->tm_renamelck);
1227 
1228 	TRACE_5(TR_FAC_TMPFS, TR_TMPFS_RENAME,
1229 		"tmpfs rename:ovp %p onm %s nvp %p nnm %s error %d",
1230 		odvp, onm, ndvp, nnm, error);
1231 	return (error);
1232 }
1233 
1234 static int
1235 tmp_mkdir(
1236 	struct vnode *dvp,
1237 	char *nm,
1238 	struct vattr *va,
1239 	struct vnode **vpp,
1240 	struct cred *cred)
1241 {
1242 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1243 	struct tmpnode *self = NULL;
1244 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1245 	int error;
1246 
1247 	/* no new dirs allowed in xattr dirs */
1248 	if (parent->tn_flags & ISXATTR)
1249 		return (EINVAL);
1250 
1251 	/*
1252 	 * Might be dangling directory.  Catch it here,
1253 	 * because a ENOENT return from tdirlookup() is
1254 	 * an "o.k. return".
1255 	 */
1256 	if (parent->tn_nlink == 0)
1257 		return (ENOENT);
1258 
1259 	error = tdirlookup(parent, nm, &self, cred);
1260 	if (error == 0) {
1261 		ASSERT(self);
1262 		tmpnode_rele(self);
1263 		return (EEXIST);
1264 	}
1265 	if (error != ENOENT)
1266 		return (error);
1267 
1268 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1269 	error = tdirenter(tm, parent, nm, DE_MKDIR,
1270 		(struct tmpnode *)NULL, (struct tmpnode *)NULL, va,
1271 		&self, cred);
1272 	if (error) {
1273 		rw_exit(&parent->tn_rwlock);
1274 		if (self)
1275 			tmpnode_rele(self);
1276 		return (error);
1277 	}
1278 	rw_exit(&parent->tn_rwlock);
1279 	*vpp = TNTOV(self);
1280 	return (0);
1281 }
1282 
1283 static int
1284 tmp_rmdir(
1285 	struct vnode *dvp,
1286 	char *nm,
1287 	struct vnode *cdir,
1288 	struct cred *cred)
1289 {
1290 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1291 	struct tmpnode *self = NULL;
1292 	struct vnode *vp;
1293 	int error = 0;
1294 
1295 	/*
1296 	 * Return error when removing . and ..
1297 	 */
1298 	if (strcmp(nm, ".") == 0)
1299 		return (EINVAL);
1300 	if (strcmp(nm, "..") == 0)
1301 		return (EEXIST); /* Should be ENOTEMPTY */
1302 	error = tdirlookup(parent, nm, &self, cred);
1303 	if (error)
1304 		return (error);
1305 
1306 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1307 	rw_enter(&self->tn_rwlock, RW_WRITER);
1308 
1309 	vp = TNTOV(self);
1310 	if (vp == dvp || vp == cdir) {
1311 		error = EINVAL;
1312 		goto done1;
1313 	}
1314 	if (self->tn_type != VDIR) {
1315 		error = ENOTDIR;
1316 		goto done1;
1317 	}
1318 
1319 	mutex_enter(&self->tn_tlock);
1320 	if (self->tn_nlink > 2) {
1321 		mutex_exit(&self->tn_tlock);
1322 		error = EEXIST;
1323 		goto done1;
1324 	}
1325 	mutex_exit(&self->tn_tlock);
1326 
1327 	if (vn_vfswlock(vp)) {
1328 		error = EBUSY;
1329 		goto done1;
1330 	}
1331 	if (vn_mountedvfs(vp) != NULL) {
1332 		error = EBUSY;
1333 		goto done;
1334 	}
1335 
1336 	/*
1337 	 * Check for an empty directory
1338 	 * i.e. only includes entries for "." and ".."
1339 	 */
1340 	if (self->tn_dirents > 2) {
1341 		error = EEXIST;		/* SIGH should be ENOTEMPTY */
1342 		/*
1343 		 * Update atime because checking tn_dirents is logically
1344 		 * equivalent to reading the directory
1345 		 */
1346 		gethrestime(&self->tn_atime);
1347 		goto done;
1348 	}
1349 
1350 	error = tdirdelete(parent, self, nm, DR_RMDIR, cred);
1351 done:
1352 	vn_vfsunlock(vp);
1353 done1:
1354 	rw_exit(&self->tn_rwlock);
1355 	rw_exit(&parent->tn_rwlock);
1356 	vnevent_rmdir(TNTOV(self));
1357 	tmpnode_rele(self);
1358 
1359 	return (error);
1360 }
1361 
1362 /* ARGSUSED2 */
1363 
1364 static int
1365 tmp_readdir(struct vnode *vp, struct uio *uiop, struct cred *cred, int *eofp)
1366 {
1367 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1368 	struct tdirent *tdp;
1369 	int error = 0;
1370 	size_t namelen;
1371 	struct dirent64 *dp;
1372 	ulong_t offset;
1373 	ulong_t total_bytes_wanted;
1374 	long outcount = 0;
1375 	long bufsize;
1376 	int reclen;
1377 	caddr_t outbuf;
1378 
1379 	if (uiop->uio_loffset >= MAXOFF_T) {
1380 		if (eofp)
1381 			*eofp = 1;
1382 		return (0);
1383 	}
1384 	/*
1385 	 * assuming system call has already called tmp_rwlock
1386 	 */
1387 	ASSERT(RW_READ_HELD(&tp->tn_rwlock));
1388 
1389 	if (uiop->uio_iovcnt != 1)
1390 		return (EINVAL);
1391 
1392 	if (vp->v_type != VDIR)
1393 		return (ENOTDIR);
1394 
1395 	/*
1396 	 * There's a window here where someone could have removed
1397 	 * all the entries in the directory after we put a hold on the
1398 	 * vnode but before we grabbed the rwlock.  Just return.
1399 	 */
1400 	if (tp->tn_dir == NULL) {
1401 		if (tp->tn_nlink) {
1402 			panic("empty directory 0x%p", (void *)tp);
1403 			/*NOTREACHED*/
1404 		}
1405 		return (0);
1406 	}
1407 
1408 	/*
1409 	 * Get space for multiple directory entries
1410 	 */
1411 	total_bytes_wanted = uiop->uio_iov->iov_len;
1412 	bufsize = total_bytes_wanted + sizeof (struct dirent64);
1413 	outbuf = kmem_alloc(bufsize, KM_SLEEP);
1414 
1415 	dp = (struct dirent64 *)outbuf;
1416 
1417 
1418 	offset = 0;
1419 	tdp = tp->tn_dir;
1420 	while (tdp) {
1421 		namelen = strlen(tdp->td_name);	/* no +1 needed */
1422 		offset = tdp->td_offset;
1423 		if (offset >= uiop->uio_offset) {
1424 			reclen = (int)DIRENT64_RECLEN(namelen);
1425 			if (outcount + reclen > total_bytes_wanted) {
1426 				if (!outcount)
1427 					/*
1428 					 * Buffer too small for any entries.
1429 					 */
1430 					error = EINVAL;
1431 				break;
1432 			}
1433 			ASSERT(tdp->td_tmpnode != NULL);
1434 
1435 			/* use strncpy(9f) to zero out uninitialized bytes */
1436 
1437 			(void) strncpy(dp->d_name, tdp->td_name,
1438 			    DIRENT64_NAMELEN(reclen));
1439 			dp->d_reclen = (ushort_t)reclen;
1440 			dp->d_ino = (ino64_t)tdp->td_tmpnode->tn_nodeid;
1441 			dp->d_off = (offset_t)tdp->td_offset + 1;
1442 			dp = (struct dirent64 *)
1443 			    ((uintptr_t)dp + dp->d_reclen);
1444 			outcount += reclen;
1445 			ASSERT(outcount <= bufsize);
1446 		}
1447 		tdp = tdp->td_next;
1448 	}
1449 
1450 	if (!error)
1451 		error = uiomove(outbuf, outcount, UIO_READ, uiop);
1452 
1453 	if (!error) {
1454 		/* If we reached the end of the list our offset */
1455 		/* should now be just past the end. */
1456 		if (!tdp) {
1457 			offset += 1;
1458 			if (eofp)
1459 				*eofp = 1;
1460 		} else if (eofp)
1461 			*eofp = 0;
1462 		uiop->uio_offset = offset;
1463 	}
1464 	gethrestime(&tp->tn_atime);
1465 	kmem_free(outbuf, bufsize);
1466 	return (error);
1467 }
1468 
1469 static int
1470 tmp_symlink(
1471 	struct vnode *dvp,
1472 	char *lnm,
1473 	struct vattr *tva,
1474 	char *tnm,
1475 	struct cred *cred)
1476 {
1477 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1478 	struct tmpnode *self = (struct tmpnode *)NULL;
1479 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1480 	char *cp = NULL;
1481 	int error;
1482 	size_t len;
1483 
1484 	/* no symlinks allowed to files in xattr dirs */
1485 	if (parent->tn_flags & ISXATTR)
1486 		return (EINVAL);
1487 
1488 	error = tdirlookup(parent, lnm, &self, cred);
1489 	if (error == 0) {
1490 		/*
1491 		 * The entry already exists
1492 		 */
1493 		tmpnode_rele(self);
1494 		return (EEXIST);	/* was 0 */
1495 	}
1496 
1497 	if (error != ENOENT) {
1498 		if (self != NULL)
1499 			tmpnode_rele(self);
1500 		return (error);
1501 	}
1502 
1503 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1504 	error = tdirenter(tm, parent, lnm, DE_CREATE, (struct tmpnode *)NULL,
1505 	    (struct tmpnode *)NULL, tva, &self, cred);
1506 	rw_exit(&parent->tn_rwlock);
1507 
1508 	if (error) {
1509 		if (self)
1510 			tmpnode_rele(self);
1511 		return (error);
1512 	}
1513 	len = strlen(tnm) + 1;
1514 	cp = tmp_memalloc(len, 0);
1515 	if (cp == NULL) {
1516 		tmpnode_rele(self);
1517 		return (ENOSPC);
1518 	}
1519 	(void) strcpy(cp, tnm);
1520 
1521 	self->tn_symlink = cp;
1522 	self->tn_size = len - 1;
1523 	tmpnode_rele(self);
1524 	return (error);
1525 }
1526 
1527 /* ARGSUSED2 */
1528 static int
1529 tmp_readlink(struct vnode *vp, struct uio *uiop, struct cred *cred)
1530 {
1531 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1532 	int error = 0;
1533 
1534 	if (vp->v_type != VLNK)
1535 		return (EINVAL);
1536 
1537 	rw_enter(&tp->tn_rwlock, RW_READER);
1538 	rw_enter(&tp->tn_contents, RW_READER);
1539 	error = uiomove(tp->tn_symlink, tp->tn_size, UIO_READ, uiop);
1540 	gethrestime(&tp->tn_atime);
1541 	rw_exit(&tp->tn_contents);
1542 	rw_exit(&tp->tn_rwlock);
1543 	return (error);
1544 }
1545 
1546 /* ARGSUSED */
1547 static int
1548 tmp_fsync(struct vnode *vp, int syncflag, struct cred *cred)
1549 {
1550 	return (0);
1551 }
1552 
1553 /* ARGSUSED */
1554 static void
1555 tmp_inactive(struct vnode *vp, struct cred *cred)
1556 {
1557 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1558 	struct tmount *tm = (struct tmount *)VFSTOTM(vp->v_vfsp);
1559 
1560 	rw_enter(&tp->tn_rwlock, RW_WRITER);
1561 top:
1562 	mutex_enter(&tp->tn_tlock);
1563 	mutex_enter(&vp->v_lock);
1564 	ASSERT(vp->v_count >= 1);
1565 
1566 	/*
1567 	 * If we don't have the last hold or the link count is non-zero,
1568 	 * there's little to do -- just drop our hold.
1569 	 */
1570 	if (vp->v_count > 1 || tp->tn_nlink != 0) {
1571 		vp->v_count--;
1572 		mutex_exit(&vp->v_lock);
1573 		mutex_exit(&tp->tn_tlock);
1574 		rw_exit(&tp->tn_rwlock);
1575 		return;
1576 	}
1577 
1578 	/*
1579 	 * We have the last hold *and* the link count is zero, so this
1580 	 * tmpnode is dead from the filesystem's viewpoint.  However,
1581 	 * if the tmpnode has any pages associated with it (i.e. if it's
1582 	 * a normal file with non-zero size), the tmpnode can still be
1583 	 * discovered by pageout or fsflush via the page vnode pointers.
1584 	 * In this case we must drop all our locks, truncate the tmpnode,
1585 	 * and try the whole dance again.
1586 	 */
1587 	if (tp->tn_size != 0) {
1588 		if (tp->tn_type == VREG) {
1589 			mutex_exit(&vp->v_lock);
1590 			mutex_exit(&tp->tn_tlock);
1591 			rw_enter(&tp->tn_contents, RW_WRITER);
1592 			(void) tmpnode_trunc(tm, tp, 0);
1593 			rw_exit(&tp->tn_contents);
1594 			ASSERT(tp->tn_size == 0);
1595 			ASSERT(tp->tn_nblocks == 0);
1596 			goto top;
1597 		}
1598 		if (tp->tn_type == VLNK)
1599 			tmp_memfree(tp->tn_symlink, tp->tn_size + 1);
1600 	}
1601 
1602 	/*
1603 	 * Remove normal file/dir's xattr dir and xattrs.
1604 	 */
1605 	if (tp->tn_xattrdp) {
1606 		struct tmpnode *xtp = tp->tn_xattrdp;
1607 
1608 		ASSERT(xtp->tn_flags & ISXATTR);
1609 		tmpnode_hold(xtp);
1610 		rw_enter(&xtp->tn_rwlock, RW_WRITER);
1611 		tdirtrunc(xtp);
1612 		DECR_COUNT(&xtp->tn_nlink, &xtp->tn_tlock);
1613 		tp->tn_xattrdp = NULL;
1614 		rw_exit(&xtp->tn_rwlock);
1615 		tmpnode_rele(xtp);
1616 	}
1617 
1618 	mutex_exit(&vp->v_lock);
1619 	mutex_exit(&tp->tn_tlock);
1620 	/* Here's our chance to send invalid event while we're between locks */
1621 	vn_invalid(TNTOV(tp));
1622 	mutex_enter(&tm->tm_contents);
1623 	if (tp->tn_forw == NULL)
1624 		tm->tm_rootnode->tn_back = tp->tn_back;
1625 	else
1626 		tp->tn_forw->tn_back = tp->tn_back;
1627 	tp->tn_back->tn_forw = tp->tn_forw;
1628 	mutex_exit(&tm->tm_contents);
1629 	rw_exit(&tp->tn_rwlock);
1630 	rw_destroy(&tp->tn_rwlock);
1631 	mutex_destroy(&tp->tn_tlock);
1632 	vn_free(TNTOV(tp));
1633 	tmp_memfree(tp, sizeof (struct tmpnode));
1634 }
1635 
1636 static int
1637 tmp_fid(struct vnode *vp, struct fid *fidp)
1638 {
1639 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1640 	struct tfid *tfid;
1641 
1642 	if (fidp->fid_len < (sizeof (struct tfid) - sizeof (ushort_t))) {
1643 		fidp->fid_len = sizeof (struct tfid) - sizeof (ushort_t);
1644 		return (ENOSPC);
1645 	}
1646 
1647 	tfid = (struct tfid *)fidp;
1648 	bzero(tfid, sizeof (struct tfid));
1649 	tfid->tfid_len = (int)sizeof (struct tfid) - sizeof (ushort_t);
1650 
1651 	tfid->tfid_ino = tp->tn_nodeid;
1652 	tfid->tfid_gen = tp->tn_gen;
1653 
1654 	return (0);
1655 }
1656 
1657 
1658 /*
1659  * Return all the pages from [off..off+len] in given file
1660  */
1661 static int
1662 tmp_getpage(
1663 	struct vnode *vp,
1664 	offset_t off,
1665 	size_t len,
1666 	uint_t *protp,
1667 	page_t *pl[],
1668 	size_t plsz,
1669 	struct seg *seg,
1670 	caddr_t addr,
1671 	enum seg_rw rw,
1672 	struct cred *cr)
1673 {
1674 	int err = 0;
1675 	struct tmpnode *tp = VTOTN(vp);
1676 	anoff_t toff = (anoff_t)off;
1677 	size_t tlen = len;
1678 	u_offset_t tmpoff;
1679 	timestruc_t now;
1680 
1681 	rw_enter(&tp->tn_contents, RW_READER);
1682 
1683 	if (off + len  > tp->tn_size + PAGEOFFSET) {
1684 		err = EFAULT;
1685 		goto out;
1686 	}
1687 	/*
1688 	 * Look for holes (no anon slot) in faulting range. If there are
1689 	 * holes we have to switch to a write lock and fill them in. Swap
1690 	 * space for holes was already reserved when the file was grown.
1691 	 */
1692 	tmpoff = toff;
1693 	if (non_anon(tp->tn_anon, btop(off), &tmpoff, &tlen)) {
1694 		if (!rw_tryupgrade(&tp->tn_contents)) {
1695 			rw_exit(&tp->tn_contents);
1696 			rw_enter(&tp->tn_contents, RW_WRITER);
1697 			/* Size may have changed when lock was dropped */
1698 			if (off + len  > tp->tn_size + PAGEOFFSET) {
1699 				err = EFAULT;
1700 				goto out;
1701 			}
1702 		}
1703 		for (toff = (anoff_t)off; toff < (anoff_t)off + len;
1704 		    toff += PAGESIZE) {
1705 			if (anon_get_ptr(tp->tn_anon, btop(toff)) == NULL) {
1706 				/* XXX - may allocate mem w. write lock held */
1707 				(void) anon_set_ptr(tp->tn_anon, btop(toff),
1708 						anon_alloc(vp, toff),
1709 						ANON_SLEEP);
1710 				tp->tn_nblocks++;
1711 			}
1712 		}
1713 		rw_downgrade(&tp->tn_contents);
1714 	}
1715 
1716 
1717 	if (len <= PAGESIZE)
1718 		err = tmp_getapage(vp, (u_offset_t)off, len, protp, pl, plsz,
1719 		    seg, addr, rw, cr);
1720 	else
1721 		err = pvn_getpages(tmp_getapage, vp, (u_offset_t)off, len,
1722 		    protp, pl, plsz, seg, addr, rw, cr);
1723 
1724 	gethrestime(&now);
1725 	tp->tn_atime = now;
1726 	if (rw == S_WRITE)
1727 		tp->tn_mtime = now;
1728 
1729 out:
1730 	rw_exit(&tp->tn_contents);
1731 	return (err);
1732 }
1733 
1734 /*
1735  * Called from pvn_getpages or swap_getpage to get a particular page.
1736  */
1737 /*ARGSUSED*/
1738 static int
1739 tmp_getapage(
1740 	struct vnode *vp,
1741 	u_offset_t off,
1742 	size_t len,
1743 	uint_t *protp,
1744 	page_t *pl[],
1745 	size_t plsz,
1746 	struct seg *seg,
1747 	caddr_t addr,
1748 	enum seg_rw rw,
1749 	struct cred *cr)
1750 {
1751 	struct page *pp;
1752 	int flags;
1753 	int err = 0;
1754 	struct vnode *pvp;
1755 	u_offset_t poff;
1756 
1757 	if (protp != NULL)
1758 		*protp = PROT_ALL;
1759 again:
1760 	if (pp = page_lookup(vp, off, rw == S_CREATE ? SE_EXCL : SE_SHARED)) {
1761 		if (pl) {
1762 			pl[0] = pp;
1763 			pl[1] = NULL;
1764 		} else {
1765 			page_unlock(pp);
1766 		}
1767 	} else {
1768 		pp = page_create_va(vp, off, PAGESIZE,
1769 		    PG_WAIT | PG_EXCL, seg, addr);
1770 		/*
1771 		 * Someone raced in and created the page after we did the
1772 		 * lookup but before we did the create, so go back and
1773 		 * try to look it up again.
1774 		 */
1775 		if (pp == NULL)
1776 			goto again;
1777 		/*
1778 		 * Fill page from backing store, if any. If none, then
1779 		 * either this is a newly filled hole or page must have
1780 		 * been unmodified and freed so just zero it out.
1781 		 */
1782 		err = swap_getphysname(vp, off, &pvp, &poff);
1783 		if (err) {
1784 			panic("tmp_getapage: no anon slot vp %p "
1785 			    "off %llx pp %p\n", (void *)vp, off, (void *)pp);
1786 		}
1787 		if (pvp) {
1788 			flags = (pl == NULL ? B_ASYNC|B_READ : B_READ);
1789 			err = VOP_PAGEIO(pvp, pp, (u_offset_t)poff, PAGESIZE,
1790 			    flags, cr);
1791 			if (flags & B_ASYNC)
1792 				pp = NULL;
1793 		} else if (rw != S_CREATE) {
1794 			pagezero(pp, 0, PAGESIZE);
1795 		}
1796 		if (err && pp)
1797 			pvn_read_done(pp, B_ERROR);
1798 		if (err == 0) {
1799 			if (pl)
1800 				pvn_plist_init(pp, pl, plsz, off, PAGESIZE, rw);
1801 			else
1802 				pvn_io_done(pp);
1803 		}
1804 	}
1805 	return (err);
1806 }
1807 
1808 
1809 /*
1810  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED}.
1811  * If len == 0, do from off to EOF.
1812  */
1813 static int tmp_nopage = 0;	/* Don't do tmp_putpage's if set */
1814 
1815 /* ARGSUSED */
1816 int
1817 tmp_putpage(
1818 	register struct vnode *vp,
1819 	offset_t off,
1820 	size_t len,
1821 	int flags,
1822 	struct cred *cr)
1823 {
1824 	register page_t *pp;
1825 	u_offset_t io_off;
1826 	size_t io_len = 0;
1827 	int err = 0;
1828 	struct tmpnode *tp = VTOTN(vp);
1829 	int dolock;
1830 
1831 	if (tmp_nopage)
1832 		return (0);
1833 
1834 	ASSERT(vp->v_count != 0);
1835 
1836 	if (vp->v_flag & VNOMAP)
1837 		return (ENOSYS);
1838 
1839 	/*
1840 	 * This being tmpfs, we don't ever do i/o unless we really
1841 	 * have to (when we're low on memory and pageout calls us
1842 	 * with B_ASYNC | B_FREE or the user explicitly asks for it with
1843 	 * B_DONTNEED).
1844 	 * XXX to approximately track the mod time like ufs we should
1845 	 * update the times here. The problem is, once someone does a
1846 	 * store we never clear the mod bit and do i/o, thus fsflush
1847 	 * will keep calling us every 30 seconds to do the i/o and we'll
1848 	 * continually update the mod time. At least we update the mod
1849 	 * time on the first store because this results in a call to getpage.
1850 	 */
1851 	if (flags != (B_ASYNC | B_FREE) && (flags & B_INVAL) == 0 &&
1852 		(flags & B_DONTNEED) == 0)
1853 		return (0);
1854 	/*
1855 	 * If this thread owns the lock, i.e., this thread grabbed it
1856 	 * as writer somewhere above, then we don't need to grab the
1857 	 * lock as reader in this routine.
1858 	 */
1859 	dolock = (rw_owner(&tp->tn_contents) != curthread);
1860 
1861 	/*
1862 	 * If this is pageout don't block on the lock as you could deadlock
1863 	 * when freemem == 0 (another thread has the read lock and is blocked
1864 	 * creating a page, and a third thread is waiting to get the writers
1865 	 * lock - waiting writers priority blocks us from getting the read
1866 	 * lock). Of course, if the only freeable pages are on this tmpnode
1867 	 * we're hosed anyways. A better solution might be a new lock type.
1868 	 * Note: ufs has the same problem.
1869 	 */
1870 	if (curproc == proc_pageout) {
1871 		if (!rw_tryenter(&tp->tn_contents, RW_READER))
1872 			return (ENOMEM);
1873 	} else if (dolock)
1874 		rw_enter(&tp->tn_contents, RW_READER);
1875 
1876 	if (!vn_has_cached_data(vp))
1877 		goto out;
1878 
1879 	if (len == 0) {
1880 		if (curproc == proc_pageout) {
1881 			panic("tmp: pageout can't block");
1882 			/*NOTREACHED*/
1883 		}
1884 
1885 		/* Search the entire vp list for pages >= off. */
1886 		err = pvn_vplist_dirty(vp, (u_offset_t)off, tmp_putapage,
1887 		    flags, cr);
1888 	} else {
1889 		u_offset_t eoff;
1890 
1891 		/*
1892 		 * Loop over all offsets in the range [off...off + len]
1893 		 * looking for pages to deal with.
1894 		 */
1895 		eoff = MIN(off + len, tp->tn_size);
1896 		for (io_off = off; io_off < eoff; io_off += io_len) {
1897 			/*
1898 			 * If we are not invalidating, synchronously
1899 			 * freeing or writing pages use the routine
1900 			 * page_lookup_nowait() to prevent reclaiming
1901 			 * them from the free list.
1902 			 */
1903 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
1904 				pp = page_lookup(vp, io_off,
1905 				    (flags & (B_INVAL | B_FREE)) ?
1906 				    SE_EXCL : SE_SHARED);
1907 			} else {
1908 				pp = page_lookup_nowait(vp, io_off,
1909 				    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
1910 			}
1911 
1912 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
1913 				io_len = PAGESIZE;
1914 			else {
1915 				err = tmp_putapage(vp, pp, &io_off, &io_len,
1916 				    flags, cr);
1917 				if (err != 0)
1918 					break;
1919 			}
1920 		}
1921 	}
1922 	/* If invalidating, verify all pages on vnode list are gone. */
1923 	if (err == 0 && off == 0 && len == 0 &&
1924 	    (flags & B_INVAL) && vn_has_cached_data(vp)) {
1925 		panic("tmp_putpage: B_INVAL, pages not gone");
1926 		/*NOTREACHED*/
1927 	}
1928 out:
1929 	if ((curproc == proc_pageout) || dolock)
1930 		rw_exit(&tp->tn_contents);
1931 	/*
1932 	 * Only reason putapage is going to give us SE_NOSWAP as error
1933 	 * is when we ask a page to be written to physical backing store
1934 	 * and there is none. Ignore this because we might be dealing
1935 	 * with a swap page which does not have any backing store
1936 	 * on disk. In any other case we won't get this error over here.
1937 	 */
1938 	if (err == SE_NOSWAP)
1939 		err = 0;
1940 	return (err);
1941 }
1942 
1943 long tmp_putpagecnt, tmp_pagespushed;
1944 
1945 /*
1946  * Write out a single page.
1947  * For tmpfs this means choose a physical swap slot and write the page
1948  * out using VOP_PAGEIO. For performance, we attempt to kluster; i.e.,
1949  * we try to find a bunch of other dirty pages adjacent in the file
1950  * and a bunch of contiguous swap slots, and then write all the pages
1951  * out in a single i/o.
1952  */
1953 /*ARGSUSED*/
1954 static int
1955 tmp_putapage(
1956 	struct vnode *vp,
1957 	page_t *pp,
1958 	u_offset_t *offp,
1959 	size_t *lenp,
1960 	int flags,
1961 	struct cred *cr)
1962 {
1963 	int err;
1964 	ulong_t klstart, kllen;
1965 	page_t *pplist, *npplist;
1966 	extern int klustsize;
1967 	long tmp_klustsize;
1968 	struct tmpnode *tp;
1969 	size_t pp_off, pp_len;
1970 	u_offset_t io_off;
1971 	size_t io_len;
1972 	struct vnode *pvp;
1973 	u_offset_t pstart;
1974 	u_offset_t offset;
1975 	u_offset_t tmpoff;
1976 
1977 	ASSERT(PAGE_LOCKED(pp));
1978 
1979 	/* Kluster in tmp_klustsize chunks */
1980 	tp = VTOTN(vp);
1981 	tmp_klustsize = klustsize;
1982 	offset = pp->p_offset;
1983 	klstart = (offset / tmp_klustsize) * tmp_klustsize;
1984 	kllen = MIN(tmp_klustsize, tp->tn_size - klstart);
1985 
1986 	/* Get a kluster of pages */
1987 	pplist =
1988 	    pvn_write_kluster(vp, pp, &tmpoff, &pp_len, klstart, kllen, flags);
1989 
1990 	pp_off = (size_t)tmpoff;
1991 
1992 	/*
1993 	 * Get a cluster of physical offsets for the pages; the amount we
1994 	 * get may be some subrange of what we ask for (io_off, io_len).
1995 	 */
1996 	io_off = pp_off;
1997 	io_len = pp_len;
1998 	err = swap_newphysname(vp, offset, &io_off, &io_len, &pvp, &pstart);
1999 	ASSERT(err != SE_NOANON); /* anon slot must have been filled */
2000 	if (err) {
2001 		pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
2002 		/*
2003 		 * If this routine is called as a result of segvn_sync
2004 		 * operation and we have no physical swap then we can get an
2005 		 * error here. In such case we would return SE_NOSWAP as error.
2006 		 * At this point, we expect only SE_NOSWAP.
2007 		 */
2008 		ASSERT(err == SE_NOSWAP);
2009 		if (flags & B_INVAL)
2010 			err = ENOMEM;
2011 		goto out;
2012 	}
2013 	ASSERT(pp_off <= io_off && io_off + io_len <= pp_off + pp_len);
2014 	ASSERT(io_off <= offset && offset < io_off + io_len);
2015 
2016 	/* Toss pages at front/rear that we couldn't get physical backing for */
2017 	if (io_off != pp_off) {
2018 		npplist = NULL;
2019 		page_list_break(&pplist, &npplist, btop(io_off - pp_off));
2020 		ASSERT(pplist->p_offset == pp_off);
2021 		ASSERT(pplist->p_prev->p_offset == io_off - PAGESIZE);
2022 		pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
2023 		pplist = npplist;
2024 	}
2025 	if (io_off + io_len < pp_off + pp_len) {
2026 		npplist = NULL;
2027 		page_list_break(&pplist, &npplist, btop(io_len));
2028 		ASSERT(npplist->p_offset == io_off + io_len);
2029 		ASSERT(npplist->p_prev->p_offset == pp_off + pp_len - PAGESIZE);
2030 		pvn_write_done(npplist, B_ERROR | B_WRITE | flags);
2031 	}
2032 
2033 	ASSERT(pplist->p_offset == io_off);
2034 	ASSERT(pplist->p_prev->p_offset == io_off + io_len - PAGESIZE);
2035 	ASSERT(btopr(io_len) <= btopr(kllen));
2036 
2037 	/* Do i/o on the remaining kluster */
2038 	err = VOP_PAGEIO(pvp, pplist, (u_offset_t)pstart, io_len,
2039 	    B_WRITE | flags, cr);
2040 
2041 	if ((flags & B_ASYNC) == 0) {
2042 		pvn_write_done(pplist, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2043 	}
2044 out:
2045 	if (!err) {
2046 		if (offp)
2047 			*offp = io_off;
2048 		if (lenp)
2049 			*lenp = io_len;
2050 		tmp_putpagecnt++;
2051 		tmp_pagespushed += btop(io_len);
2052 	}
2053 	if (err && err != ENOMEM && err != SE_NOSWAP)
2054 		cmn_err(CE_WARN, "tmp_putapage: err %d\n", err);
2055 	return (err);
2056 }
2057 
2058 static int
2059 tmp_map(
2060 	struct vnode *vp,
2061 	offset_t off,
2062 	struct as *as,
2063 	caddr_t *addrp,
2064 	size_t len,
2065 	uchar_t prot,
2066 	uchar_t maxprot,
2067 	uint_t flags,
2068 	struct cred *cred)
2069 {
2070 	struct segvn_crargs vn_a;
2071 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
2072 	int error;
2073 
2074 #ifdef _ILP32
2075 	if (len > MAXOFF_T)
2076 		return (ENOMEM);
2077 #endif
2078 
2079 	if (vp->v_flag & VNOMAP)
2080 		return (ENOSYS);
2081 
2082 	if (off < 0 || (offset_t)(off + len) < 0 ||
2083 	    off > MAXOFF_T || (off + len) > MAXOFF_T)
2084 		return (ENXIO);
2085 
2086 	if (vp->v_type != VREG)
2087 		return (ENODEV);
2088 
2089 	/*
2090 	 * Don't allow mapping to locked file
2091 	 */
2092 	if (vn_has_mandatory_locks(vp, tp->tn_mode)) {
2093 		return (EAGAIN);
2094 	}
2095 
2096 	as_rangelock(as);
2097 	if ((flags & MAP_FIXED) == 0) {
2098 		map_addr(addrp, len, (offset_t)off, 1, flags);
2099 		if (*addrp == NULL) {
2100 			as_rangeunlock(as);
2101 			return (ENOMEM);
2102 		}
2103 	} else {
2104 		/*
2105 		 * User specified address - blow away any previous mappings
2106 		 */
2107 		(void) as_unmap(as, *addrp, len);
2108 	}
2109 
2110 	vn_a.vp = vp;
2111 	vn_a.offset = (u_offset_t)off;
2112 	vn_a.type = flags & MAP_TYPE;
2113 	vn_a.prot = prot;
2114 	vn_a.maxprot = maxprot;
2115 	vn_a.flags = flags & ~MAP_TYPE;
2116 	vn_a.cred = cred;
2117 	vn_a.amp = NULL;
2118 	vn_a.szc = 0;
2119 	vn_a.lgrp_mem_policy_flags = 0;
2120 
2121 	error = as_map(as, *addrp, len, segvn_create, &vn_a);
2122 	as_rangeunlock(as);
2123 	return (error);
2124 }
2125 
2126 /*
2127  * tmp_addmap and tmp_delmap can't be called since the vp
2128  * maintained in the segvn mapping is NULL.
2129  */
2130 /* ARGSUSED */
2131 static int
2132 tmp_addmap(
2133 	struct vnode *vp,
2134 	offset_t off,
2135 	struct as *as,
2136 	caddr_t addr,
2137 	size_t len,
2138 	uchar_t prot,
2139 	uchar_t maxprot,
2140 	uint_t flags,
2141 	struct cred *cred)
2142 {
2143 	return (0);
2144 }
2145 
2146 /* ARGSUSED */
2147 static int
2148 tmp_delmap(
2149 	struct vnode *vp,
2150 	offset_t off,
2151 	struct as *as,
2152 	caddr_t addr,
2153 	size_t len,
2154 	uint_t prot,
2155 	uint_t maxprot,
2156 	uint_t flags,
2157 	struct cred *cred)
2158 {
2159 	return (0);
2160 }
2161 
2162 static int
2163 tmp_freesp(struct vnode *vp, struct flock64 *lp, int flag)
2164 {
2165 	register int i;
2166 	register struct tmpnode *tp = VTOTN(vp);
2167 	int error;
2168 
2169 	ASSERT(vp->v_type == VREG);
2170 	ASSERT(lp->l_start >= 0);
2171 
2172 	if (lp->l_len != 0)
2173 		return (EINVAL);
2174 
2175 	rw_enter(&tp->tn_rwlock, RW_WRITER);
2176 	if (tp->tn_size == lp->l_start) {
2177 		rw_exit(&tp->tn_rwlock);
2178 		return (0);
2179 	}
2180 
2181 	/*
2182 	 * Check for any mandatory locks on the range
2183 	 */
2184 	if (MANDLOCK(vp, tp->tn_mode)) {
2185 		long save_start;
2186 
2187 		save_start = lp->l_start;
2188 
2189 		if (tp->tn_size < lp->l_start) {
2190 			/*
2191 			 * "Truncate up" case: need to make sure there
2192 			 * is no lock beyond current end-of-file. To
2193 			 * do so, we need to set l_start to the size
2194 			 * of the file temporarily.
2195 			 */
2196 			lp->l_start = tp->tn_size;
2197 		}
2198 		lp->l_type = F_WRLCK;
2199 		lp->l_sysid = 0;
2200 		lp->l_pid = ttoproc(curthread)->p_pid;
2201 		i = (flag & (FNDELAY|FNONBLOCK)) ? 0 : SLPFLCK;
2202 		if ((i = reclock(vp, lp, i, 0, lp->l_start, NULL)) != 0 ||
2203 		    lp->l_type != F_UNLCK) {
2204 			rw_exit(&tp->tn_rwlock);
2205 			return (i ? i : EAGAIN);
2206 		}
2207 
2208 		lp->l_start = save_start;
2209 	}
2210 	VFSTOTM(vp->v_vfsp);
2211 
2212 	rw_enter(&tp->tn_contents, RW_WRITER);
2213 	error = tmpnode_trunc((struct tmount *)VFSTOTM(vp->v_vfsp),
2214 	    tp, (ulong_t)lp->l_start);
2215 	rw_exit(&tp->tn_contents);
2216 	rw_exit(&tp->tn_rwlock);
2217 	return (error);
2218 }
2219 
2220 /* ARGSUSED */
2221 static int
2222 tmp_space(
2223 	struct vnode *vp,
2224 	int cmd,
2225 	struct flock64 *bfp,
2226 	int flag,
2227 	offset_t offset,
2228 	cred_t *cred,
2229 	caller_context_t *ct)
2230 {
2231 	int error;
2232 
2233 	if (cmd != F_FREESP)
2234 		return (EINVAL);
2235 	if ((error = convoff(vp, bfp, 0, (offset_t)offset)) == 0) {
2236 		if ((bfp->l_start > MAXOFF_T) || (bfp->l_len > MAXOFF_T))
2237 			return (EFBIG);
2238 		error = tmp_freesp(vp, bfp, flag);
2239 	}
2240 	return (error);
2241 }
2242 
2243 /* ARGSUSED */
2244 static int
2245 tmp_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
2246 {
2247 	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
2248 }
2249 
2250 /* ARGSUSED2 */
2251 static int
2252 tmp_rwlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2253 {
2254 	struct tmpnode *tp = VTOTN(vp);
2255 
2256 	if (write_lock) {
2257 		rw_enter(&tp->tn_rwlock, RW_WRITER);
2258 	} else {
2259 		rw_enter(&tp->tn_rwlock, RW_READER);
2260 	}
2261 	return (write_lock);
2262 }
2263 
2264 /* ARGSUSED1 */
2265 static void
2266 tmp_rwunlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2267 {
2268 	struct tmpnode *tp = VTOTN(vp);
2269 
2270 	rw_exit(&tp->tn_rwlock);
2271 }
2272 
2273 static int
2274 tmp_pathconf(struct vnode *vp, int cmd, ulong_t *valp, cred_t *cr)
2275 {
2276 	struct tmpnode *tp = NULL;
2277 	int error;
2278 
2279 	switch (cmd) {
2280 	case _PC_XATTR_EXISTS:
2281 		if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
2282 			*valp = 0;	/* assume no attributes */
2283 			error = 0;	/* okay to ask */
2284 			tp = VTOTN(vp);
2285 			rw_enter(&tp->tn_rwlock, RW_READER);
2286 			if (tp->tn_xattrdp) {
2287 				rw_enter(&tp->tn_xattrdp->tn_rwlock, RW_READER);
2288 				/* do not count "." and ".." */
2289 				if (tp->tn_xattrdp->tn_dirents > 2)
2290 					*valp = 1;
2291 				rw_exit(&tp->tn_xattrdp->tn_rwlock);
2292 			}
2293 			rw_exit(&tp->tn_rwlock);
2294 		} else {
2295 			error = EINVAL;
2296 		}
2297 		break;
2298 	default:
2299 		error = fs_pathconf(vp, cmd, valp, cr);
2300 	}
2301 	return (error);
2302 }
2303 
2304 
2305 struct vnodeops *tmp_vnodeops;
2306 
2307 const fs_operation_def_t tmp_vnodeops_template[] = {
2308 	VOPNAME_OPEN,		{ .vop_open = tmp_open },
2309 	VOPNAME_CLOSE,		{ .vop_close = tmp_close },
2310 	VOPNAME_READ,		{ .vop_read = tmp_read },
2311 	VOPNAME_WRITE,		{ .vop_write = tmp_write },
2312 	VOPNAME_IOCTL,		{ .vop_ioctl = tmp_ioctl },
2313 	VOPNAME_GETATTR,	{ .vop_getattr = tmp_getattr },
2314 	VOPNAME_SETATTR,	{ .vop_setattr = tmp_setattr },
2315 	VOPNAME_ACCESS,		{ .vop_access = tmp_access },
2316 	VOPNAME_LOOKUP,		{ .vop_lookup = tmp_lookup },
2317 	VOPNAME_CREATE,		{ .vop_create = tmp_create },
2318 	VOPNAME_REMOVE,		{ .vop_remove = tmp_remove },
2319 	VOPNAME_LINK,		{ .vop_link = tmp_link },
2320 	VOPNAME_RENAME,		{ .vop_rename = tmp_rename },
2321 	VOPNAME_MKDIR,		{ .vop_mkdir = tmp_mkdir },
2322 	VOPNAME_RMDIR,		{ .vop_rmdir = tmp_rmdir },
2323 	VOPNAME_READDIR,	{ .vop_readdir = tmp_readdir },
2324 	VOPNAME_SYMLINK,	{ .vop_symlink = tmp_symlink },
2325 	VOPNAME_READLINK,	{ .vop_readlink = tmp_readlink },
2326 	VOPNAME_FSYNC,		{ .vop_fsync = tmp_fsync },
2327 	VOPNAME_INACTIVE,	{ .vop_inactive = tmp_inactive },
2328 	VOPNAME_FID,		{ .vop_fid = tmp_fid },
2329 	VOPNAME_RWLOCK,		{ .vop_rwlock = tmp_rwlock },
2330 	VOPNAME_RWUNLOCK,	{ .vop_rwunlock = tmp_rwunlock },
2331 	VOPNAME_SEEK,		{ .vop_seek = tmp_seek },
2332 	VOPNAME_SPACE,		{ .vop_space = tmp_space },
2333 	VOPNAME_GETPAGE,	{ .vop_getpage = tmp_getpage },
2334 	VOPNAME_PUTPAGE,	{ .vop_putpage = tmp_putpage },
2335 	VOPNAME_MAP,		{ .vop_map = tmp_map },
2336 	VOPNAME_ADDMAP,		{ .vop_addmap = tmp_addmap },
2337 	VOPNAME_DELMAP,		{ .vop_delmap = tmp_delmap },
2338 	VOPNAME_PATHCONF,	{ .vop_pathconf = tmp_pathconf },
2339 	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
2340 	NULL,			NULL
2341 };
2342